CVE-2023-35083

2023-10-1803:52:12

hackerone

www.cve.org

endpoint manager

arbitrary files

sensitive information leakage

authenticated attacker

network access

cve-2023-35083

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "vendor": "Ivanti",
    "product": "Endpoint Manager",
    "versions": [
      {
        "version": "2022 su3",
        "status": "unaffected",
        "lessThan": "2022 su3",
        "versionType": "semver"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US